We have the default application block response page enabled; however, when users get app blocked this often happens, which doesn't help the support team troubleshoot the issue without having to go look for it?
Have you been able to positively match this error page to a security action? (Is it reject or drop?)
Yes it was
Sorry it's small lol
It's readable :) Are you using Evernote from the app or through a browser? These app block things are tricky to troubleshoot.
Are you able to reliably simulate a proper response page with other applications?
Do you have SSL Decryption enabled for this blocked page or URL category if accessing via browser? You might need to decrypt in order for the firewall to check that it is actually web-browsing traffic & display the HTTP response page.
This is via a browser and not the Evernote app. So when a user browses to the Evernote rule they get the error page.
Any thoughts?
Do you have SSL decryption enabled and are there any decrypt errors? The firewall may not be able to decrypt the traffic so it can't inject the block page.
No, as you can see
You do have 'response pages' enabled in the management profile on the client zones, right?
Then my best guess is that you'll need to enable SSL decryption so the firewall is able to inject an error page.
You mean like this...
Also as a test I have opened the permitted IP address to our entire scope.
I have another application now, Bitbucket, and this is doing the same. I have even added computer-internet-info into our decrypt rule and still no APP block page.
As @reaper said, you have to enable SSL decrypt for this traffic as the app-id is using 443/ssl port in your URL log. You could create a custom URL category > add the wildcard or URL to that custom URL category & decrypt it. This will also help if you want all computer internet info category not to decrypt or if your URL is not matching any pre-defined URL category. Ensure you have response page to URL block category/application & I/F mgmt profile has check on Response page. I am quite sure if your users browse using www. - they get response page but TLS time out when they do https://..URL
I just set it up. As soon as my SSL decryption kicks in it works as expected.
You guys are the best!!